Tech groups support new cybersecurity bill

A tech trade group and a leading cybersecurity vendor applauded new legislation introduced in the U.S. Congress that would broaden penalties for cybercrime, including first-time penalties for botnet attacks.

The Cyber Security Enhancement Act, introduced Monday, would create for the first time criminal penalties for botnet attacks often used to aid identity theft, denial-of-service attacks, and the spread of spam and spyware. Botnets are groups of compromised computers that hackers can control remotely.

The bill, introduced by Representatives Adam Schiff, a California Democrat, and Steve Chabot, an Ohio Republican, would also allow prosecutors to pursue racketeering charges against cybercriminal groups, would expand sentencing guidelines for cybercrime by allowing the forfeiture of property used to commit the crime, and would add $30 million a year to the budgets of federal agencies fighting cybercrime.

The Business Software Alliance (BSA), a trade group, and Symantec, a security vendor, both offered support for the legislation. BSA and other tech trade groups have pushed Congress to pass tougher cybersecurity legislation, and BSA said its member company CEOs will push for passage of the bill when they meet in Washington, D.C., in June.

"For too long. cyber criminals have taken advantage of legal blind spots and an under-resourced law enforcement community to brazenly threaten online confidence and security," BSA President and CEO Robert Holleyman said in a statement. "This legislation will give law enforcement updated and improved tools to combat what has become a growing, organized criminal enterprise."

Symantec, in a statement, cheered the cosponsors effort to target botnets. The sophistication of cybercrimes, particularly botnets, "far outstrips the laws on the books," said John Thompson, the company's chairman and CEO. The bill shows Congress is "truly serious" about combating cybercrime, he added.

The bill would also broaden the definition of electronic data theft related to interstate or foreign communication, and expand the cyber extortion statute.